I'm looking to restrict all users (other than admins) to only be able to upload images, e.g. JPGs and PNGs allowed for all users, but still allow admins to upload PDFs etc. (Or even better would be to only prevent unregistered users from uploading anything other than JPGs and PNGs!)

I've been trying the following functions.php code but it still seems to restrict admins from uploading PDFs:

add_filter('upload_mimes','restict_mime'); 
function restict_mime($mimes) { 
if(!current_user_can(‘administrator’)){
    $mimes = array( 
                'jpg|jpeg|jpe' => 'image/jpeg', 
                'png' => 'image/png', 
    ); 
}
    return $mimes;
}

Any ideas?

asked Apr 18, 2017 at 8:12 by Ctyldsley
  • Hi, welcome to SE. Did you exactly copy this code to your functions.php? The input value for current_user_can() is wrapped with ‘ and ’, you should use ' instead. – Johansson Commented Apr 18, 2017 at 8:33
  • I can't believe I overlooked such a simple thing @JackJohansson. Thank you! That's done the trick as far as I can tell :) – Ctyldsley Commented Apr 18, 2017 at 15:19
  • You are welcome! Happens sometimes, hours of investigation end in a single period or comma! :D – Johansson Commented Apr 18, 2017 at 16:47
  • I've posted an answer for future visitors. If it fully solved your problem, please do consider marking it as accepted. – Johansson Commented Apr 18, 2017 at 18:10
  • Using a user role in current_user_can() will likely trigger a _doing_it_wrong() in the near future. Instead of a role, you should be using a capability with that function. – Nathan Johnson Commented Apr 18, 2017 at 18:12

2 Answers

There is a syntax error in your conditional:

current_user_can(‘administrator’)

The input value is wrapped in ‘ ’, which should be wrapped in ' ' instead. Right now, because ‘administrator’ is neither a role nor capability, the above will always return a false value, therefore

if(!current_user_can(‘administrator’))

will always return true, which will restrict the mime type for everyone, including administrators. The correct form will be:

if( !current_user_can('administrator') ) { 
    //CODE HERE
}

The reason your code wasn't working is because you have a typographical error in your code. That code is actually triggering an error. You can enable debug mode to see the error.

But that's not really what's wrong with your code. What's really wrong is that you are using a function that checks a user capability and trying to check a user's role. This works because of how WordPress handles roles and capabilities, but it is not the correct way to check a user's role.

In fact, using a user role in current_user_can() will likely trigger a _doing_it_wrong() in the near future. See #38653 Trigger a doing it wrong when checking a role name as a capability. Using current_user_can() to check a user role has been wrong for a very long time. See this 2006 post, How to check if a WordPress user is an “administrator”, by WordPress lead developer Mark Jaquith.

Instead of a role, you should be using a capability with that function.

If you want to check a user's role, then you should do something like the following. There's really no good way to check what role a user has, because they can have multiple roles, and because the user capabilities are not guaranteed to be the same as the roles they are a part of.

add_filter( 'upload_mimes', 'wpse_263936_upload_mimes' ); 
function wpse_263936_upload_mimes( $mimes ) { 
  if( ! in_array( 'administrator', wp_get_current_user()->roles ) ) {
    $mimes = array( 
      'jpg|jpeg|jpe' => 'image/jpeg', 
      'png' => 'image/png', 
    );
  }
  return $mimes;
}

If you want to continue using current_user_can(), you should check a capability such as promote_users or manage_options which by default is only applied to the administrator role.

add_filter( 'upload_mimes', 'wpse_263936_upload_mimes' ); 
function wpse_263936_upload_mimes( $mimes ) { 
  if( ! current_user_can( 'promote_users' ) ) {
    $mimes = array( 
      'jpg|jpeg|jpe' => 'image/jpeg', 
      'png' => 'image/png', 
    );
  }
  return $mimes;
}

Or you could even define the ALLOW_UNFILTERED_UPLOADS constant in your wp-config.php and add the unfiltered_upload capability to the administrator role and check for that.
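An added example, not code from the question or either answer, combining the capability check recommended above with the asker's wish to restrict only unregistered visitors. It assumes the hypothetical names `EXAMPLE_UNRESTRICTED_CAP` and `example_restrict_upload_mimes`, and it tests the user that the `upload_mimes` filter passes as its second argument rather than always the current user.

```php
<?php
// Added example; EXAMPLE_UNRESTRICTED_CAP and example_restrict_upload_mimes()
// are hypothetical names, not part of WordPress or of the answers above.

// Capability that exempts a user from the image-only list.
// 'manage_options' is administrator-only by default. Every default role has
// 'read', so using 'read' here restricts only visitors who are not logged in.
const EXAMPLE_UNRESTRICTED_CAP = 'manage_options';

// Priority 10, two arguments: the MIME map and the user being checked.
add_filter( 'upload_mimes', 'example_restrict_upload_mimes', 10, 2 );

function example_restrict_upload_mimes( $mimes, $user = null ) {
	// $user is null when WordPress asks about the current user; otherwise it
	// is a user ID or WP_User object, so the check must apply to that user.
	$exempt = ( null === $user )
		? current_user_can( EXAMPLE_UNRESTRICTED_CAP )
		: user_can( $user, EXAMPLE_UNRESTRICTED_CAP );

	if ( $exempt ) {
		return $mimes;
	}

	$images_only = array(
		'jpg|jpeg|jpe' => 'image/jpeg',
		'png'          => 'image/png',
	);

	// Intersect instead of overwrite: a type that an earlier filter already
	// removed from $mimes stays removed for restricted users.
	return array_intersect_key( $images_only, $mimes );
}
```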
